Skip to main content

Builder configuration

General

ParameterDefaultDescription
DATABASE_URLThe database URL
ENCRYPTION_SECRETA 256-bit key used to encrypt sensitive data. It is strongly recommended to generate a new one. The secret should be the same between builder and viewer.
ADMIN_EMAILThe email that will get a "Pro" plan on user creation
NEXTAUTH_URLThe builder base URL. Should be the publicly accessible URL (i.e. https://typebot.domain.com)
NEXT_PUBLIC_VIEWER_URLThe viewer base URL. Should be the publicly accessible URL (i.e. https://bot.domain.com)
NEXTAUTH_URL_INTERNALThe internal builder base URL. You have to set it only when NEXTAUTH_URL isn't publicly accessible
DEFAULT_WORKSPACE_PLANFREEDefault workspace plan on user creation or when a user creates a new workspace. Possible values are FREE, STARTER, PRO, LIFETIME. The default plan for admin user is LIFETIME
DISABLE_SIGNUPfalseTo disable new sign ups but still be able to sign in with existing users or admin email

Email (Auth, notifications)

Used for sending email notifications and authentication

ParameterDefaultDescription
SMTP_USERNAMESMTP username
SMTP_PASSWORDSMTP password
SMTP_HOSTSMTP host. (i.e. smtp.host.com)
SMTP_PORT25SMTP port
NEXT_PUBLIC_SMTP_FROMFrom name and email (i.e. 'Typebot Notifications' <notifications@host.com>)
SMTP_SECUREfalseIf true the connection will use TLS when connecting to server. If false (the default) then TLS is used if server supports the STARTTLS extension. In most cases set this value to true if you are connecting to port 465. For port 587 or 25 keep it false
SMTP_AUTH_DISABLEDfalseTo disable the authentication by email but still use the provided config for notifications

Google (Auth, Sheets, Fonts)

Used authentication in the builder and for the Google Sheets integration step. Make sure to set the required scopes (userinfo.email, spreadsheets, drive.readonly) in your console The Authorization callback URL should be $NEXTAUTH_URL/api/auth/callback/google

ParameterDefaultDescription
GOOGLE_CLIENT_IDThe Client ID from the Google API Console
GOOGLE_CLIENT_SECRETThe Client secret from the Google API Console

Used for Google Fonts (Optional):

ParameterDefaultDescription
NEXT_PUBLIC_GOOGLE_API_KEYThe API Key from the Google API Console

Configuration

https://console.developers.google.com/apis/credentials

The "Authorized redirect URIs" used when creating the credentials must include your full domain and end in the callback path. For example,

  • For production: https://{YOUR_DOMAIN}/api/auth/callback/google
  • For development: http://localhost:3000/api/auth/callback/google

GitHub (Auth)

Used for authenticating with GitHub. By default, it uses the credentials of a Typebot-dev app.

You can create your own GitHub OAuth app here. The Authorization callback URL should be $NEXTAUTH_URL/api/auth/callback/github

ParameterDefaultDescription
GITHUB_CLIENT_IDApplication client ID. Also used to check if it is enabled in the front-end
GITHUB_CLIENT_SECRETApplication secret

GitLab (Auth)

Used for authenticating with GitLab. Follow the official GitLab guide for creating OAuth2 applications here. The Authorization callback URL should be $NEXTAUTH_URL/api/auth/callback/gitlab

ParameterDefaultDescription
GITLAB_CLIENT_IDApplication client ID. Also used to check if it is enabled in the front-end
GITLAB_CLIENT_SECRETApplication secret
GITLAB_BASE_URLhttps://gitlab.comBase URL of the GitLab instance
GITLAB_REQUIRED_GROUPSComma-separated list of groups the user has to be a direct member of, e.g. foo,bar
GITLAB_NAMEGitLabName of the GitLab instance, used for the SSO Login Button

Facebook (Auth)

You can create your own Facebook OAuth app here. The Authorization callback URL should be $NEXTAUTH_URL/api/auth/callback/facebook

ParameterDefaultDescription
FACEBOOK_CLIENT_IDApplication client ID. Also used to check if it is enabled in the front-end
FACEBOOK_CLIENT_SECRETApplication secret

Azure AD (Auth)

If you are using Azure Active Directory for the authentication you can set the following environment variables. The Authorization callback URL should be $NEXTAUTH_URL/api/auth/callback/azure-ad

ParameterDefaultDescription
AZURE_AD_CLIENT_IDApplication client ID
AZURE_AD_CLIENT_SECRETApplication client secret. Can be obtained from Azure Portal.
AZURE_AD_TENANT_IDAzure Tenant ID

Custom OAuth Provider (Auth)

ParameterDefaultDescription
CUSTOM_OAUTH_NAMECustom OAuthProvider name. Will be displayed in the sign in form.
CUSTOM_OAUTH_CLIENT_IDOAuth client ID.
CUSTOM_OAUTH_CLIENT_SECRETOAuth client secret.
CUSTOM_OAUTH_WELL_KNOWN_URLOAuth .well-known URL (i.e. https://auth.domain.com/.well-known/openid-configuration)
CUSTOM_OAUTH_USER_ID_PATHidUsed to map the id from the user info object
CUSTOM_OAUTH_USER_NAME_PATHnameUsed to map the name from the user info object
CUSTOM_OAUTH_USER_EMAIL_PATHemailUsed to map the email from the user info object
CUSTOM_OAUTH_USER_IMAGE_PATHimageUsed to map the image from the user info object

For *_PATH parameters, you can use dot notation to access nested properties (i.e. account.name).

S3 Storage (Media uploads)

Used for uploading images, videos, etc... It can be any S3 compatible object storage service (Minio, Digital Oceans Space, AWS S3...)

ParameterDefaultDescription
S3_ACCESS_KEYS3 access key. Also used to check if upload feature is enabled
S3_SECRET_KEYS3 secret key.
S3_BUCKETtypebotName of the bucket where assets will be uploaded in.
S3_PORTS3 Host port number
S3_ENDPOINTS3 endpoint (i.e. s3.domain.com).
S3_SSLtrueUse SSL when establishing the connection.
S3_REGIONS3 region.

Note that for AWS S3, your endpoint is usually: s3.<S3_REGION>.amazonaws.com

Your bucket must have the following policy that tells S3 to allow public read when an object is located under the public folder:

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicRead",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::<BUCKET_NAME>/public/*"
}
]
}

You also need to configure CORS so that an object can be uploaded from the browser:

[
{
"AllowedHeaders": ["*"],
"AllowedMethods": ["PUT", "POST"],
"AllowedOrigins": ["*"],
"ExposeHeaders": ["ETag"]
}
]

Giphy (GIF picker)

Used to search for GIF. You can create a Giphy app here

ParameterDefaultDescription
NEXT_PUBLIC_GIPHY_API_KEYGiphy API key

Others

Show

The official Typebot managed service uses other services such as Stripe for processing payments, Sentry for tracking bugs and Sleekplan for user feedbacks.

The related environment variables are listed here but you are probably not interested in these if you self-host Typebot.

Stripe

ParameterDefaultDescription
NEXT_PUBLIC_STRIPE_PUBLIC_KEYStripe public key
STRIPE_SECRET_KEYStripe secret key
STRIPE_PRO_PRICE_IDPro plan price id
STRIPE_STARTER_PRICE_IDStarter plan price id
STRIPE_ADDITIONAL_CHATS_PRICE_IDAdditional chats price id
STRIPE_ADDITIONAL_STORAGE_PRICE_IDAdditional storage price id
STRIPE_WEBHOOK_SECRETStripe Webhook secret

Sentry

ParameterDefaultDescription
NEXT_PUBLIC_SENTRY_DSNSentry DSN
SENTRY_AUTH_TOKENUsed to upload sourcemaps on app build
SENTRY_PROJECTSentry project name
SENTRY_ORGSentry organization name

These can also be added to the viewer environment

Vercel (custom domains)

ParameterDefaultDescription
VERCEL_TOKENVercel API token
VERCEL_VIEWER_PROJECT_NAMEThe name of the viewer project in Vercel
VERCEL_TEAM_IDVercel team ID that contains the viewer project

Sleekplan

ParameterDefaultDescription
SLEEKPLAN_SSO_KEYSleekplan SSO key used to automatically authenticate a user in Sleekplan

Internal Webhooks

ParameterDefaultDescription
USER_CREATED_WEBHOOK_URLWebhook URL called whenever a new user is created (used for importing a new SendGrid contact)

note

If you're self-hosting Typebot, sponsoring me is a great way to give back to the community and to contribute to the long-term sustainability of the project.

Thank you for supporting independent creators of Free Open Source Software!